September 20, 2017

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

With access to an iCloud user’s username and password, Find My iPhone on iCloud.com can be used to “lock” a Mac with a passcode even with two-factor authentication turned on, and that’s what’s going on here.

And this, my friends, why you should never used the same password accross multiple sites. It’s also a great idea to use a password manager — such as 1Password or Apple’s own iCloud Keychain — to be able to make longer, more secure passwords and not have to remember them all.